What is the severity of CVE-2007-6600?

CVE-2007-6600 is classified as a medium severity vulnerability affecting PostgreSQL versions before 8.2.6.

How do I fix CVE-2007-6600?

To fix CVE-2007-6600, upgrade PostgreSQL to versions 7.4.19, 8.1.11, or 8.2.6 or later.

Which PostgreSQL versions are affected by CVE-2007-6600?

CVE-2007-6600 affects PostgreSQL versions 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21.

Are there any known exploits for CVE-2007-6600?

There is no publicly available information indicating that CVE-2007-6600 has been actively exploited.

Vulnerability/
CVE-2007-6600

medium

6.5

CWE

264

1/1/2008

7/1/2008

9/1/2008

7/8/2024

CVE-2007-6600

Q: What specifically does CVE-2007-6600 impact in PostgreSQL?

CVE-2007-6600 impacts the use of superuser privileges instead of table owner privileges for VACUUM and ANALYZE operations.

First published: Tue Jan 01 2008(Updated: )

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/postgresql	<0:7.4.19-1.el4_6.1	0:7.4.19-1.el4_6.1
redhat/postgresql	<0:8.1.11-1.el5_1.1	0:8.1.11-1.el5_1.1
redhat/postgresql	<0:8.1.11-1.el4	0:8.1.11-1.el4
redhat/8.2.6	<1.	1.
PostgreSQL JDBC Driver	=7.4.16
PostgreSQL JDBC Driver	=8.1.10
PostgreSQL JDBC Driver	=8.1.6
PostgreSQL JDBC Driver	=8.0.7
PostgreSQL JDBC Driver	=8.0.2
PostgreSQL JDBC Driver	=8.1.7
PostgreSQL JDBC Driver	=7.3.3
PostgreSQL JDBC Driver	=8.2.4
PostgreSQL JDBC Driver	=7.3
PostgreSQL JDBC Driver	=8.0.10
PostgreSQL JDBC Driver	=8.0.12
PostgreSQL JDBC Driver	=8.0.9
PostgreSQL JDBC Driver	=7.4.1
PostgreSQL JDBC Driver	=7.3.9
PostgreSQL JDBC Driver	=7.3.10
PostgreSQL JDBC Driver	=8.2.2
PostgreSQL JDBC Driver	=8.0.0
PostgreSQL JDBC Driver	=8.1.3
PostgreSQL JDBC Driver	=7.4.14
PostgreSQL JDBC Driver	=7.4.6
PostgreSQL JDBC Driver	=7.3.18
PostgreSQL JDBC Driver	=7.4.11
PostgreSQL JDBC Driver	=7.3.16
PostgreSQL JDBC Driver	=8.2.5
PostgreSQL JDBC Driver	=8.0.3
PostgreSQL JDBC Driver	=7.3.15
PostgreSQL JDBC Driver	=7.4.7
PostgreSQL JDBC Driver	=7.3.11
PostgreSQL JDBC Driver	=8.1.9
PostgreSQL JDBC Driver	=7.4.17
PostgreSQL JDBC Driver	=7.4.3
PostgreSQL JDBC Driver	=7.3.6
PostgreSQL JDBC Driver	=8.2.1
PostgreSQL JDBC Driver	=7.4.9
PostgreSQL JDBC Driver	=7.4.5
PostgreSQL JDBC Driver	=7.3.8
PostgreSQL JDBC Driver	=7.4.18
PostgreSQL JDBC Driver	=8.0.8
PostgreSQL JDBC Driver	=7.4.8
PostgreSQL JDBC Driver	=8.0.6
PostgreSQL JDBC Driver	=7.4
PostgreSQL JDBC Driver	=7.4.4
PostgreSQL JDBC Driver	=8.0.13
PostgreSQL JDBC Driver	=7.3.13
PostgreSQL JDBC Driver	=8.1.4
PostgreSQL JDBC Driver	=8.0.1
PostgreSQL JDBC Driver	=8.1.8
PostgreSQL JDBC Driver	=7.3.2
PostgreSQL JDBC Driver	=7.3.17
PostgreSQL JDBC Driver	=7.3.5
PostgreSQL JDBC Driver	=7.4.12
PostgreSQL JDBC Driver	=7.3.12
PostgreSQL JDBC Driver	=8.1.1
PostgreSQL JDBC Driver	=8.1.5
PostgreSQL JDBC Driver	=7.3.14
PostgreSQL JDBC Driver	=7.3.1
PostgreSQL JDBC Driver	=7.4.10
PostgreSQL JDBC Driver	=8.2.3
PostgreSQL JDBC Driver	=7.3.19
PostgreSQL JDBC Driver	=8.0.4
PostgreSQL JDBC Driver	=8.0.5
PostgreSQL JDBC Driver	=8.0.14
PostgreSQL JDBC Driver	=7.3.7
PostgreSQL JDBC Driver	=8.2
PostgreSQL JDBC Driver	=7.4.2
PostgreSQL JDBC Driver	=8.0.11
PostgreSQL JDBC Driver	=8.0
PostgreSQL JDBC Driver	=7.4.13
PostgreSQL JDBC Driver	=7.3.4
PostgreSQL JDBC Driver	=8.1.2

Remedy

http://www.postgresql.org/about/news.905

Remedy

http://www.securityfocus.com/bid/27163

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2007-6600?
CVE-2007-6600 is classified as a medium severity vulnerability affecting PostgreSQL versions before 8.2.6.
How do I fix CVE-2007-6600?
To fix CVE-2007-6600, upgrade PostgreSQL to versions 7.4.19, 8.1.11, or 8.2.6 or later.
Which PostgreSQL versions are affected by CVE-2007-6600?
CVE-2007-6600 affects PostgreSQL versions 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21.
What specifically does CVE-2007-6600 impact in PostgreSQL?
CVE-2007-6600 impacts the use of superuser privileges instead of table owner privileges for VACUUM and ANALYZE operations.
Are there any known exploits for CVE-2007-6600?
There is no publicly available information indicating that CVE-2007-6600 has been actively exploited.

agent/type
agent/first-publish-date
agent/remedy
agent/weakness
agent/references
agent/author
agent/severity
agent/description
collector/redhat-cve
source/Red Hat
agent/software-canonical-lookup
collector/redhat-bugzilla
alias/CVE-2007-6600
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/redhat
vendor/postgresql
canonical/postgresql jdbc driver
version/postgresql jdbc driver/7.4.16
version/postgresql jdbc driver/8.1.10
version/postgresql jdbc driver/8.1.6
version/postgresql jdbc driver/8.0.7
version/postgresql jdbc driver/8.0.2
version/postgresql jdbc driver/8.1.7
version/postgresql jdbc driver/7.3.3
version/postgresql jdbc driver/8.2.4
version/postgresql jdbc driver/7.3
version/postgresql jdbc driver/8.0.10
version/postgresql jdbc driver/8.0.12
version/postgresql jdbc driver/8.0.9
version/postgresql jdbc driver/7.4.1
version/postgresql jdbc driver/7.3.9
version/postgresql jdbc driver/7.3.10
version/postgresql jdbc driver/8.2.2
version/postgresql jdbc driver/8.0.0
version/postgresql jdbc driver/8.1.3
version/postgresql jdbc driver/7.4.14
version/postgresql jdbc driver/7.4.6
version/postgresql jdbc driver/7.3.18
version/postgresql jdbc driver/7.4.11
version/postgresql jdbc driver/7.3.16
version/postgresql jdbc driver/8.2.5
version/postgresql jdbc driver/8.0.3
version/postgresql jdbc driver/7.3.15
version/postgresql jdbc driver/7.4.7
version/postgresql jdbc driver/7.3.11
version/postgresql jdbc driver/8.1.9
version/postgresql jdbc driver/7.4.17
version/postgresql jdbc driver/7.4.3
version/postgresql jdbc driver/7.3.6
version/postgresql jdbc driver/8.2.1
version/postgresql jdbc driver/7.4.9
version/postgresql jdbc driver/7.4.5
version/postgresql jdbc driver/7.3.8
version/postgresql jdbc driver/7.4.18
version/postgresql jdbc driver/8.0.8
version/postgresql jdbc driver/7.4.8
version/postgresql jdbc driver/8.0.6
version/postgresql jdbc driver/7.4
version/postgresql jdbc driver/7.4.4
version/postgresql jdbc driver/8.0.13
version/postgresql jdbc driver/7.3.13
version/postgresql jdbc driver/8.1.4
version/postgresql jdbc driver/8.0.1
version/postgresql jdbc driver/8.1.8
version/postgresql jdbc driver/7.3.2
version/postgresql jdbc driver/7.3.17
version/postgresql jdbc driver/7.3.5
version/postgresql jdbc driver/7.4.12
version/postgresql jdbc driver/7.3.12
version/postgresql jdbc driver/8.1.1
version/postgresql jdbc driver/8.1.5
version/postgresql jdbc driver/7.3.14
version/postgresql jdbc driver/7.3.1
version/postgresql jdbc driver/7.4.10
version/postgresql jdbc driver/8.2.3
version/postgresql jdbc driver/7.3.19
version/postgresql jdbc driver/8.0.4
version/postgresql jdbc driver/8.0.5
version/postgresql jdbc driver/8.0.14
version/postgresql jdbc driver/7.3.7
version/postgresql jdbc driver/8.2
version/postgresql jdbc driver/7.4.2
version/postgresql jdbc driver/8.0.11
version/postgresql jdbc driver/8.0
version/postgresql jdbc driver/7.4.13
version/postgresql jdbc driver/7.3.4
version/postgresql jdbc driver/8.1.2

CVE-2007-6600

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2007-6600?

How do I fix CVE-2007-6600?

Which PostgreSQL versions are affected by CVE-2007-6600?

What specifically does CVE-2007-6600 impact in PostgreSQL?

Are there any known exploits for CVE-2007-6600?

Company

Resources

Contact